Online Social Network - a Threat to Privacy and Security of Human Society

International Journal of Scientific and Research Publications, Volume 5, Issue 4, April 2015 1 ISSN 2250-3153

Online Social Network - A Threat to Privacy and Security of Human Society

P.Krubhala, P.Niranjana, G.Sindhu Priya

Department of Computer Science and Engineering, NSCET name of organization, acronyms acceptable, Theni, India

Abstract- With over 1 billion users connected through online real-time with their physical environment. This fusion of online social media, user confidentiality is becoming even more social networks with real-world mobile computing has created a important and is widely argue in the media and researched in fast growing set of applications that have unique requirements academia. Social networking sites are a powerful and fun way to and unique implications that are not yet fully understood. communicate with the world. The Internet is the safe place for LAMSN systems such as WhozThat [1] and Serendipity [2] only those people who aware of the risk and the security, and can provide the infrastructure to leverage social networking context take steps to protect themselves, so the best solution is to learn. within a local physical proximity using mobile smart phones. Social media is a good service because it lets you to share what However, such systems pay little heed to the security and privacy actually you want to share, but it can also be used for negative concerns associated with revealing one’s personal social purposes, and in both cases you are responsible for your security. networking preferences and friendship information to the Protection and preventative techniques are not very difficult, but ubiquitous computing environment. you need to be careful while you are on the Internet. In this paper we provide a brief overview of some attire to users’ privacy. We classify these threats as: users’ block, design pitfall and II. SUMMARY OF OUR WORK IN THIS PAPER limitations, implicit flows of information, and clash of stimulus. We present significant security and privacy problems that We also describe about the privacy and security issues associated are present in most existing mobile social network systems. with social network systems. Because these systems have not been designed with security and privacy in mind, these issues are unsurprising. The contributions Index Terms- Social networks, Privacy we make in this paper are the following 1. First thing is regarding the impact of social networks in today’s world. I. INTRODUCTION 2. The next section deals with the privacy problem affiliated he level of human connectivity has reached extraordinary with the online social networking along with their security Tlevels with over1 billion people using one or more online associated complication. social networks including Facebook, Twitter, YouTube, and 3. And finally we scrutinize the design flaws and limitations GoogleC. The enormous amount of data provided and shared on of a social networking systems. these social networks may include the following information about a user: personal details, current address, hometown, email addresses, instant messenger usernames, activities, interests, III. IMPACT ON SOCIAL NETWORK favorite sports, favorite teams, favorite athletes, favorite music, The growth of social networks has exploded over the last television shows, games, languages, his religious views, political year. In particular, usage of Facebook has spread internationally views, inspirations, favorite quotations, service users history, and to users of a wide age range. According to Facebook.com’s education history, relationship status, family members, and statistics page, the site has over 200 million active users [3] [4], software applications. The user also provides revise in the form of which over 100 million log on everyday. To compare this with of status information or Tweets, which could include: a thought, Com Score’s global Internet usage statistics [5], this would imply an act, a link they want to contribute a video. All these that nearly 1 in 10 of all Internet users log on to Facebook information confess a lot about the user, which will be of interest everyday and that the active Facebook Internet population is to various groups. larger than any single country’s Internet population (China is the Social networks, due to many such unfavorable incidents, largest with 179.7 million Internet users [5]). Mobile users in have been blame for breaching the privacy of their users. Both in particular are active Facebook users. According to Facebook academia and in the media, the importance of a user’s statistics (March 2009) there are currently over 30 million active confidentiality has been rarely discussed. In addition to some mobile users of Facebook, and those users are almost 50% more proposed technical solutions, there have been a huge number of active on Facebook than non-mobile users. initiatives to educate users so that they do not provide an The increasing sophistication of information technology excessive amount of personal information with its capacity to collect, analyse and disseminate information Furthermore, social network information is now being is posing significant threats to social networks users privacy. It is correlated with users’ physical locations, allowing information now common wisdom that the power, capacity and speed of about users’ preferences and social relationships to interact in information technology are accelerating rapidly. The extent of

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 5, Issue 4, April 2015 2 ISSN 2250-3153 privacy invasion or certainly the potential to invade privacy IV. PRIVACY increases correspondingly.[6] Many social networks can be On the Internet, privacy, a major concern of users, can be broken up into many categories and most networks fall into more divided into these concerns: What personal information can be than one category [6]. The present paper is outlining the 3 most shared with whom Whether messages can be exchanged without daily used social networking sites giving examples and anyone else seeing them Whether and how one can send characteristics in order to understand the spectrum of the issue messages anonymously Personal Information Privacy Most Web with social network privacy.Every minute of the day: users want to understand that personal information they share 1.100,000 tweets are sent will not be shared with anyone else without their permission. 2. 684,478 pieces of content are shared on Facebook Information privacy, or data privacy (or data protection), is 3.2 million search queries are made on Google the relationship between collection and dissemination 4.48 hours of video are uploaded to YouTube of data, technology, the public expectation of privacy, and 5. 47,000 apps are downloaded from the App Store the legal and political issues surrounding them. Privacy concerns 6.3,600 photos are shared on Instagram exist wherever personally identifiable information or 7.571 websites are created other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control A Types of social network sites can be the root cause for privacy issues. Lets have a brief introduction about the types of social networking sites. 1) Social Networking Sites Facebook, Twitter, LinkedIn, Google+, MySpace Micro- blogging is similar to blogs, it is a micro journal of what is happening right now, people share what is going on in their individual life or information individual wants to share.[7]. In general terms these sites allow users to add friends, send messages and share content.

2. Social Media Sharing Sites Photo sharing Instagram, Flickr, Photobucket, Picasa and Youtube, Vimeo, SoundCloud, MySpace and etc. Figure 2: Information shared in social media These social networking sites allow users to easily share video and photography content online. Photo sharing sites allow people to upload photos to share either privately with only A. Definitions of Privacy selected other users or publicly. Creative commons licensing There is no one recognized definition of confidentiality in rights can grant permissions for others to use the photos by academia or in government circles.Over the course of time simply embedding the codes in their blogs [7]. several definitions have been gone in to. In this field we look into some of those definitions. One of the first definitions of 3. Location Based Networks confidentiality, by Aristotle, makes a distinction between Foursquare, Gowalla, Loopt political activity as public and family as private [7].Implied here Typically entered via smart phones, these applications rather are barrier that might be suggested by the walls of a family than social networking sites feature check- in capabilities so that house, an assumption which is made explicit, though also users can, if they choose, share their location with their social modified, in a far more recent definition, that of Associate Justice connections. John Paul Steven of the US Supreme Court. Here, the home is not the exclusive locus of privacy, but is, rather, the informing image or design in light of which privacy in other contexts may be interpret. This is an interesting definition. The Internet has managed to dim the boundaries that would have been suggested by the walls of a house. However, privacy on the Internet is a more complex affair than physical metaphors of intrusion and exposure can capture alone. Defense against publication of private information can protect the exposure of that information, but what if it is used, rather to produce targeted advertisements, with no publication. William Parent provides a definition of privacy which does not rest on an implicit physical dimension, as follows [7]:Privacy is the condition of not having undocumented personal knowledge about one possessed by others. A person’s privacy is subside exactly to the degree that others possess this kind of knowledge

about him. Figure 1: Social media types representation

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 5, Issue 4, April 2015 3 ISSN 2250-3153

This definition rests on the notion of “informed consent” as in the case of multimedia collections, as they could reveal much defined by Aristotle [7]. If there is any information about other of the user’s personal and social environment.[9] need a documentary evidence. An idea of privacy breach Commonly users do not think or are not even aware of the understood in these terms thus remains very valid in the era of risks when they share something online. Based on Das and Sahoo cloud computing. Samuel Warren’s and Louis Brandies’ 1890 (2011) survey often the decision about sharing something is paper [9], “The Right to Privacy,” in which they refer to Judge “made on the moment”, however in todays networked world, the Cooley summarizing it as consisting of the right “to be let alone.” next day the content you have shared is accessible to parents, The current establishment casts this as a right to: Control over teachers, employers, Aware and Obama (2009) state: Far too information about oneself. It is in this tradition of thought that many users believe that their postings on the Internet are private Alan Westin defined privacy as an individual right, held by all between them and the recipient. The reality, however, is that people, [29]:To control, edit, manage, and delete information once the statement is typed, it can be copied, saved and about them[selves] and decide when, how, and to what extent forwarded. In addition, the user no longer owns all the information is communicated to others. information posted to social networks. “So if you’re using Gmail or Yahoo mail or Flickr or. YouTube or belong to Facebook you’ve given up complete control of your personal information’ [11] Video and photo sharing services can pose a great threat especially for teenagers and youngsters, due to their vulnerability. Although. However it is important to mention that there has been a number of cases when youngsters have been harassed by paedophiles online and these cases have also led to suicide

2. Privacy concerns regarding Social networking services The following chapter looks into the privacy issues of social networking services. Social Networking sites as mentioned earlier are the sites aimed for micro-blogging, to document about ones life, his/hers likings and dislikings and everyday happenings. Susan B. Barnes a Professor in the Department of Communication at the Rochester Institute of Technology in New York claims that in America, people live in a paradoxical world of privacy. As we know people will freely give up personal information to join social networks on the Internet and social Figure 3: Privacy data in social media networking tools have almost become indispensable for them. Many people may not be aware of the fact that their privacy has A. Types of Privacy issues already been jeopardized and they are not taking steps to protect 1. Privacy concerns regarding Social Media Sharing their personal information from being used by others. [14] Services Social networking sites (such as Facebook, Orkut) create a Social media sharing services are services, which allow its central repository of personal information. These archives are users to generate and share different types of content. Youtube persistent and cumulative. Instead of replacing old information and Vimeo are an example for sharing service for video and with new materials, online journals are archive–oriented audio, Instagram and flicker are the ones for sharing photos and compilations of entries that can be searched. While American there are many more. However the aim of this paper is not to go adults are concerned about how the government and corporations in depth into what kind of different sharing service providers, are centrally collecting data about citizens and consumers, platforms, apps and etc. there are on the market but to discuss teenagers are freely giving up personal and private information in about the privacy issues that arise with sharing different kinds of online journals. Adults are concerned about invasion of privacy, content on these networks. while teens freely give up personal information. This occurs Posting Content such as picture and video arise new privacy because often teens are not aware of the public nature of the concerns due to their context revealing details about the physical Internet. [14] and social context of the subject. Ahern, Eckles et al. (2007: 357) Facebook has met criticism on a range of issues, including analysing the issue and conducting studies on Privacy Patterns online privacy, child safety and hate speech. The Electronic and Considerations in online and mobile photo sharing claim: Frontier Foundation has identified two personal information The growing amount of online personal content exposes users to aggregation techniques called "connections" and "instant a new set of privacy concerns. Digital cameras, and lately, a new personalization" that assure anyone has access even to personal class of camera phone applications that can upload photos or information you may not have intended to be public. [15]There video content directly to the web, make publishing of personal has been many more privacy issues with Facebook content increasingly easy. Privacy concerns are especially acute 3. Location based social networks and privacy

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 5, Issue 4, April 2015 4 ISSN 2250-3153

Location based social networks are part of what is called 2. Encryption: Many social networking sites allow you to Location based services (LBS).They are made possible by use encryption called HTTPS to secure your connection to the linking Global positioning system (GPS), which track user’s site. Some sites like Twitter and Google+ have this enabled by location, to the capabilities of the World Wide Web, along with default, while other sites require you to manually enabled other vital features such as instant messaging. [22] HTTPS via account settings. Whenever possible use HTTPS. Location-Based Social Networks (LBSN) derive from LBSs 3. Email: Be suspicious of emails that claim to come from a and are often referred to as Geosocial Networking. As reported in social networking site; these can easily be spoofed attacks sent Microsoft Research “a LBSN does not only mean adding a by cyber criminals. The safest way to reply to such messages is location to an existing social network so that people in the social to log in to the website directly, perhaps from a saved bookmark, structure can share location-embedded information, but also and check any messages or notifications using the website. consists of the new social structure made up of individuals 4. Malicious Links/Scams: Be cautious of suspicious links connected by the interdependency derived from their locations in or potential scams posted on social networking sites. Cyber the physical world as well as their location-tagged media content, criminals can post malicious links and if you click on them, they such as photos, video, and texts” [23].Further, the connection take you to websites that attempt to infect your computer. In between users goes beyond sharing physical locations but also addition, just because a message is posted by a friend does not involve sharing knowledge like common interests, behaviour, mean it is from them, as their account may have been and activities. Such pervasive tools represent a challenge to compromised. privacy. 5. Apps: Some social networking sites give you the ability LBSN users face the situation that the information they to add or install third-party applications, such as games. Keep in publish on the such platforms could be used to track their mind there is little or no quality control or review of these unwanted situations like being the victim of stalking.The Privacy applications; they may have full access to your account and advocates fear that Foursquare, along with other geolocation private information. apps Gowalla and Google Latitude, are vulnerable to "data scraping", namely, the sophisticated trawling and monitoring of A. Design Flaws and Limitations user activity in an effort to build a rich database of personal 1.Productivity information. One reason why organizations on social networking within Specifically the insurgence of applications designed to the geographical point is that the incontrovertible fact that function as venues information aggregators can potentially workers pay a good deal of your time change their profiles and represent a major threat to privacy and LBSN. Another issue sites throughout the day. If each worker in an exceedingly 50- related to is known as ‘opt-in’ vs ‘opt-out’ default settings. An strong men spent half-hour on a social networking website daily, opt-in scenario refers to having default settings where a platform that might compute to a loss of half-dozen,500 hours of requires user to join or sign up to specific given service in order productivity in one year! though this could be a generalization, to receive the benefits of it. The provider is then granted organizations look terribly rigorously at productivity problems, permission to access the user's data and to offer the service. and twenty five hours of non-productive work per day doesn't think again well with management. once you consider the 4. Sites Convergence common wage per hour you get a much better (and decisive) A recent issue related to privacy on today’s internet is the image. There is additionally a control on company morale. that users often have ‘profiles’ and accounts on different site that workers don't appreciate colleagues outlay hours on social due to their different nature a number of information become networking sites (and others) whereas they're functioning to hide publicly available that if puzzled together provide a picture of the the work. The impact is additional pronounced if no action is user in certain cases more private that the user would like to be. taken against the abusers. eg-convergence of sites: Subject A is the same as in example 1, subject C is a company like Linkedin. In 2012, 2.Resources LinkedIn announced its acquisition of the start-up Although updates from sites like Facebook or LinkedIn Rapportive,[27] which created a browser plug-in taking contact might not take up immense amounts of information measure, the information from social networks such as Twitter and Facebook, provision of (bandwidth-hungry) video links denote on these and placing them into Google's Gmail. sites creates issues for IT directors. there's a price to web browsing, particularly once high levels of information measure area unit needed. V. SECURITY In addition to privacy concerns, social networking sites can 3.Viruses and Malware be used by cyber criminals to attack you or your devices. Here This threat is usually unnoticed by organizations. Hackers are some steps to protect yourself: area unit drawn to social networking sites as a result of they see 1. Login: Protect your social networking account with a the potential to commit fraud and launch spam and malware strong password and do not share this password with anyone or attacks. There area unit quite fifty,000 applications on the market re-use it for other sites. In addition, some social networking sites for Facebook (according to the company) and whereas FaceBook support stronger authentication, such as two-step verification. could create each effort to supply protection against malware, Enable stronger authentication methods whenever possible. these third-party applications might not all be safe. Some have the potential to be accustomed infect computers with malicious

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 5, Issue 4, April 2015 5 ISSN 2250-3153 code, that successively may be accustomed collect knowledge Some of the social networking sites like Twitter, Instagram from that user’s website. Electronic messaging on social is not that much easy task for in-house data acquisition networking sites is additionally a priority, and therefore the departments there structures are more complex they have Koobface worm is simply one example of however messages limitation for crawl they amount of data. This kind of work is area unit accustomed unfold malicious code and worms. performed better by using this Prompt Cloud’s Social Media Data Acquisition Service – which can take care of your end-to- 4.Social Engineering end requirements and provide you with the desired data in a Social engineering is changing into a creation and additional minimal turnaround time. Most of the popular social networking and additional individuals area unit falling victim to on-line sites such as Twitter and Facebook let crawlers extract data only scams that appear real. this will lead to knowledge or fraud. through their own API so as to control the amount of Users is also convinced to administer personal details like social information about their users and their activities. insurance numbers, employment details and then on. By assembling such info, knowledge larceny becomes a significant risk. On the opposite hand, individuals have a habit of posting details in their social networking profiles. whereas they might ne'er disclose bound info once meeting somebody for the primary time, they see nothing wrong with posting it on-line for all to envision on their profile, personal web log or different social networking website account. This knowledge will usually be well-mined by cyber criminals. Figure 4: Social media representation 5.Reputation and Legal Liability At then time of authorship, there are no major company 8.Graph Theory lawsuits involving proof from social networking sites. as an Earlier stage onwards social network idea is based on graph example, one young worker wrote on her profile that her job was theory. This method is used to identify the number of nodes and boring and shortly received her walking orders from her boss. there links(for example affluences and the followers).Affluences What if a dissatisfied worker set to complain a couple of product are called as users they have influence on the activities or or the company’s inefficiencies in his or her profile? There are opinion of other users by way of followership or influence on serious legal consequences if workers use these sites and click on decision made by other users on the network. on links to look at objectionable, illicit or offensive content. AN Graph theory was very much useful for large scale datasets. leader might be command to blame for failing to shield workers Centrality measure is used to forms the clusters & cohesiveness from viewing such material. The legal prices, fines and harm to among [19] social network. It measure was used to inspect the the organization’s name might be substantial. representation of power and influence that forms clusters and cohesiveness [16] on social network. Centrality metric The 6.Fake Accounts and biological research Attacks authors [34] employed parameterized centrality metric approach Thus, it's terribly simple for Associate in Nursing offender to study the network structure and to rank nodes connectivity. to register accounts in the name of somebody else, though it's Their work formed an extension of a-centrality approach which prohibited by the privacy policies of most service suppliers. The measures the number of alleviated paths that exist among nodes. act of making bogus accounts is additionally referred to as a sybil attack. An offender will use personal data, e.g. photos and videos VI. CONCLUSION of the victim, on the faux profile to win the trust of his friends Social networking sites have become a potential target for and allow them to permit the bogus account into their circle of attackers due to the availability of sensitive information, as well trust. this fashion the offender can have access to the data of the as its large user base. Therefore, privacy and security issues in friends of his victim, that his friends have united to share with online social networks are increasing. This survey paper the victim and not essentially the offender. addressed different privacy and security issues, as well as the The process of making bogus accounts, is named a “cloning techniques that attackers use to overcome social network security attack,” when the attacker clones (creates virtually precise mechanisms, or to take advantage of some flaws in social copies) of real social network accounts and then adds identical networking site. Privacy issue is one of the main concerns, since and/or alternative contacts as their victim. Bilge et al. [5] showed many social network user are not careful about what they expose the ease of launching an automatic hoax attack against some in on their social network space. The second issue is identity theft; style social networks by causation friend requests to friends of attackers make use of social networks account to steal victim’s many their cloned victims. identities. The third is the spam issue. Attackers make use of social networks to increase spam click through rate, which is 7.Crawling more effective than the traditional email spam. The forth is the Crawling a social media is fairly a new concept. Most of the malware issue. Attackers use social networks as a channel to social media sites are cropped in the past decade. This is the data spread malware, since it can spread very fast through most companies wanted product review, brand analysis, and connectivity among users. Social networking sites are always overall brand related items.

www.ijsrp.org International Journal of Scientific and Research Publications, Volume 5, Issue 4, April 2015 6 ISSN 2250-3153 facing new kind of malware. Lastly, physical threats, which are [18] Facebook bug sees Zuckerberg pictures posted online. BBC, December 7, the most harmful issues, were addressed. 2011 [19] Facebook Timeline: http://www.facebook.com/about/timeline. Accessed 16 May 2012 [20] Felt, A.: Defacing Facebook: A security case study. 2007 EFERENCES R [21] Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. [1] A. Beach, M. Gartrell, S. Akkala, J. Elston, J. Kelley, K. Nishimoto, B. Comm. ACM 50(10), 94–100 (2007) Ray, S. Razgulin, K. Sundaresan, B. Surendar, M. Terada, and R. Han, [22] Lindamood, J., Heatherly, R., Kantarcioglu, M., Thuraisingham, B.M.: “Whozthat? evolving an ecosystem for context-aware mobile social Inferring private information using social network data. In: WWW, pp. networks,” IEEE Network, vol. 22, no. 4, pp. 50–55, July-August 2008. 1129–1146, 2009 [2] N. Eagle and A. Pentland, “Social serendipity: Mobilizing social software,” [23] Mackay, W.E.: Triggers and barriers to customizing software. In: CHI, pp. IEEE Pervasive Computing, vol. 4, no. 2, April-June 2005. 153–160, 1991 [3] “Facebook statistics,” http://www.facebook.com/press/info.php? statistics. [24] Mahmood, S.: New privacy threats for Facebook and Twitter users. In: [4] A. Mislove, M. Marcon, K. P. Gummadi, P. Druschel, and B. Bhattacharjee, IEEE 3PGCIC, 2012 “Measurement and analysis of online social networks,” in Proceedings of [25] Mahmood, S.: Online social networks: The overt and covert communication the 5th ACM/USENIX Internet Measurement Conference (IMC’07), channels for terrorists and beyond. In: IEEE HST, 2012 October 2007. [26] Mahmood, S., Desmedt, Y.: Poster: preliminary analysis of GoogleC’s [5] “Global internet use reaches 1 billion,” http://www.comscore.com/press/ privacy. In: ACM Conference on Computer and Communications Security, release.asp?press=2698. pp. 809–812, 2011 [6] http://social-networks-privacy.wikidot.com/ [27] Mahmood, S., Desmedt, Y.: Online social networks, a criminals [7] Privacy: Stanford Encyclopedia of Philosophy, 2002 multipurpose toolbox (poster abstract). In: Balzarotti, D., Stolfo, S.J., Cova, [8] Samaha, J.: Criminal Justice. Thomson Wadsworth, Belmont, CA (2006) M. (eds.) Research in Attacks, Intrusions, and Defenses, vol. 7462 of Lecture Notes in Computer Science, pp. 374–375. Springer, New York [9] Warren, S.D., Brandeis, L.D.: The right to privacy. Harv. Law Rev. 4(5), 193–220 (1890) [28] Acquisti, A., Grossklags, J.: Uncertainty, ambiguity and privacy. In: WEIS, 2005 [10] Chaabane, A., Acs, G., Kaafar, M.: You are what you like! information leakage through users’ interests. In: Proc. Annual Network and Distributed [29] Westin, A., Blom-Cooper, L.: Privacy and Freedom. Bodley Head, London System Security Symposium, 2012 (1970) [11] Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. ACM 24(2), 84–88 (1981) [12] Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO, pp. AUTHORS 199–203, 1982 [13] Cooper, B.: Italian drugs fugitive jailed after posting pictures of himself First Author – P.Krubhala, Department of Computer Science with Barack Obama waxwork in London on Facebook. Mail Online and Engineering, NSCET name of organization, acronyms February 14, 2012 acceptable, Theni, India, Email: [email protected] [14] Dey, R., Tang, C., Ross, K.W., Saxena, N.: Estimating age privacy leakage Second Author – P.Niranjana, Department of Computer Science in online social networks. In: INFOCOM, pp. 2836–2840, 2012 and Engineering, NSCET name of organization, acronyms 70 S. Mahmood acceptable, Theni, India, Email: [email protected] [15] Dhingra, A.: Where you did sleep last night? . . . thank you, i already know! Third Author – G.Sindhu Priya, Department of Computer iSChannel 3(1) (2008) Science and Engineering, NSCET name of organization, [16] Donald, A.M., Cranor, L.F.: How technology drives vehicular privacy. J. Law Pol. Inform. Soc. 2, (2006) acronyms acceptable, Theni, India, Email: [17] Ebersman, D.A.: Facebook Inc., Form S-1 registration statement. United [email protected] States Securites and Exchange Commission, February 1, 2012